Upstream has released 26.0.1410.57 to fix CVE-2013-0927: http://googlechromereleases.blogspot.com/2013/04/chrome-os-stable-channel-update.html Stable channel is up to 26.0.1410.65: http://googlechromereleases.blogspot.com/search/label/Stable%20updates Reproducible: Steps to Reproduce:
Whiteboard: (none) => MGA2TOO
available on updates_testing and freeze push request sent.
chromium-browser-stable-26.0.1410.65-1.mga3 uploaded for Cauldron.
Version: Cauldron => 2Whiteboard: MGA2TOO => (none)
Assigning to QA. chromium-browser-stable-26.0.1410.65-1.mga2 uploaded to Mageia 2 updates_testing. Advisory to come later.
CC: (none) => dmorganecAssignee: dmorganec => qa-bugs
Tested ok i586 Java (although not on java.com test page, it's just a grey box), flash, addons, sunspider, browsing etc
Whiteboard: (none) => has_procedure mga2-32-ok
Testing complete mga2 64 Validating Advisory not yet available. SRPM: chromium-browser-stable-26.0.1410.65-1.mga2 Could sysadmin please push from core/updates_testing to core/updates when it's ready. Thanks!
Keywords: (none) => validated_updateWhiteboard: has_procedure mga2-32-ok => has_procedure mga2-32-ok mga2-64-okCC: (none) => sysadmin-bugs
OK, the Chrome Stable Updates blog is confusing. Turns out that CVE was actually in Chrome OS in Pango, and not in the Chrome Browser itself. They seem to have both things mixed together on this blog. There don't appear to be any security issues in the browser fixed since the last version we released, just some "stability improvements" according to the blog. More details are in the commit logs: http://build.chromium.org/f/chromium/perf/dashboard/ui/changelog.html?url=/branches/1410/src&range=189671:193017&mode=html http://build.chromium.org/f/chromium/perf/dashboard/ui/changelog.html?url=/branches/1410/src&range=192696:193261&mode=html Sorry for the confusion. I'm not sure we really *need* to release this update for Mageia 2, but if we do the advisory can simply read: This updates Chromium browser to version 26.0.1410.65, which contains some stability improvements. References: http://googlechromereleases.blogspot.com/2013/04/stable-channel-update.html http://googlechromereleases.blogspot.com/2013/04/stable-channel-update_10.html
Component: Security => RPM PackagesSeverity: critical => normal
Summary: chromium-browser-stable new security issue CVE-2013-0927 => chromium-browser-stable new version 26.0.1410.65 available
Thanks David. It's built and tested, stability improvements are good :) Advisory then -------------- This updates Chromium browser to version 26.0.1410.65, which contains some stability improvements. References: http://googlechromereleases.blogspot.com/2013/04/stable-channel-update.html http://googlechromereleases.blogspot.com/2013/04/stable-channel-update_10.html -------------- SRPM: chromium-browser-stable-26.0.1410.65-1.mga2 Could sysadmin please push from core/updates_testing to core/updates when it's ready. Thanks!
oops bad copy/paste. It is ready now.
Update pushed: https://wiki.mageia.org/en/Support/Advisories/MGAA-2013-0017
Status: NEW => RESOLVEDCC: (none) => tmbResolution: (none) => FIXED